Joseph, Matthew (EXP) wrote:
Hey Rob,
The NIS Clients that I am adding are Solaris 2.7, and Solaris 8. So I believe
looking at the IPA document they would need to be Solaris 9 or above for it to
communicate with IPA natively using LDAP.
These Servers aren't going to be around much longer (Probably another year at
the most) so I am just looking for the quickest way possible to get them to
communicate with IPA.
What do you think the best course of action would be for my situation?
You have two choices.
You can try the instructions at
http://freeipa.org/page/ConfiguringUnixClients to configure LDAP for
authentication. We haven't tested this for many moons but it should
still work.
Or you can proceed and try to use crypt passwords which will be sent in
the passwd entry. The LDIF you provided should have worked fine, I'm not
sure why it didn't, particularly the error it returned. If you do it on
the IPA server you shoudl just need:
ldapmodify -x -D 'cn=directory manager' -W
dn: ...
As for migrating existing passwords, you need to enable migration mode
(ipa config-mod --enable-migration=true) and set the password when the
user is added.
ipa user-add --first=Rob --last=Crittenden rcritten --setattr
userPassword='{CRYPT}hash'
ypcat passwd should confirm that the password is visible. We don't
recommend this.
rob
Matt
-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Friday, April 05, 2013 10:36 AM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat Password Issues
Joseph, Matthew (EXP) wrote:
My old NIS server we used shadow passwords.
When I migrated my passwd nis file to IPA I'm assuming it also imported the part of the
file that contains the "x" to point it towards a shadow file.
Would I need to remove the "x" from the nis passwd file and re-migrate it to
IPA?
Is there a better way to get around this?
This is why I asked what nsswitch.conf looked like. IPA does not provide the
shadow map, so no passwords at all area available.
It is possible to add a shadow map, but it is unsecure and one of the primary
reasons people don't use NIS much any more.
What kind of client are you configuring, and do you need it to be pure NIS?
rob
Matt
-----Original Message-----
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Joseph, Matthew
(EXP)
Sent: Friday, April 05, 2013 6:40 AM
To: Rob Crittenden; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] EXTERNAL: Re: NIS Compat Password Issues
Hey Rob,
The passwd section of nsswitch.conf is the following;
Passwd: files nis
Matt
-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, April 04, 2013 3:05 PM
To: Joseph, Matthew (EXP); freeipa-users@redhat.com
Subject: EXTERNAL: Re: [Freeipa-users] NIS Compat Password Issues
Joseph, Matthew (EXP) wrote:
Hello,
I've having issues with trying to login to our NIS clients that are
looking at IPA as a "NIS" Server.
The NIS Client can view all of the usernames when I do a ypcat passwd
but when I try to login a with a user account it will not accept the
password. I've even tried setting it as simple as Password123 and
still nothing.
I don't see anything NIS related in the error logs on the IPA server.
Can someone point me in the right direction for this?
What does your nsswitch.conf look like?
Note that IPA does not provide the shadow map (because it sends hashes in the
clear).
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users